flash/sakura
flash/sakura
Archived
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Auth is fucking FINISHED

Browse source
This commit is contained in:
flash 2015-04-25 20:08:44 +00:00
parent 4742b4322e
commit 3c4846fd0a
16 changed files with 321 additions and 917 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
.gitignore vendored
View file

@ -48,7 +48,8 @@ content/images/backgrounds/*
!content/images/backgrounds/.htaccess
BingSiteAuth.xml
google*.html
logs/*
main/logs/*
main/dev/*
#################

13
_developer_data/Sakura.php → _developer_data/Sockura.php
View file

@ -4,8 +4,11 @@
* By Flashwave
*/
// Settings
$sockSakuraPath = ''; // Filesystem path to the _sakura folder WITHOUT an ending /
// Filesystem path to the _sakura folder WITHOUT an ending /
// This can also be set before an include of this file in case
// you're using git to keep in sync and don't want conflicts
if(!isset($sockSakuraPath))
$sockSakuraPath = '';
/* * * DON'T EDIT ANYTHING BELOW THIS LINE * * */
@ -31,8 +34,8 @@ if(Auth::getPageType() == AUTH_FETCH) {
} else {
// Get arguments
$uid = $_GET['arg1'];
$sid = $_GET['arg2'];
$uid = $_REQUEST['arg1'];
$sid = $_REQUEST['arg2'];
// Check if session is active else deny
if(Session::checkSession($uid, $sid)) {
@ -53,7 +56,7 @@ if(Auth::getPageType() == AUTH_FETCH) {
Auth::SetUserData(
$user['id'],
$user['username'],
$rank['colour']
$user['name_colour'] == null ? $rank['colour'] : $user['name_colour']
);
switch($rank['id']) {

6
_sakura/components/Main.php
View file

@ -219,9 +219,15 @@ class Main {
// Get user data
foreach($newsPosts as $newsId => $newsPost) {
$newsPosts[$newsId]['parsed'] = self::mdParse($newsPost['content']);
$newsPosts[$newsId]['udata'] = Users::getUser($newsPost['uid']);
$newsPosts[$newsId]['rdata'] = Users::getRank($newsPosts[$newsId]['udata']['rank_main']);
// Check if a custom name colour is set and if so overwrite the rank colour
if($newsPosts[$newsId]['udata']['name_colour'] != null)
$newsPosts[$newsId]['rdata']['colour'] = $newsPosts[$newsId]['udata']['name_colour'];
}
// Return posts

157
_sakura/components/Users.php
View file

@ -69,6 +69,10 @@ class Users {
}
// Redirect people that need to change their password to the new format
if(self::getUser(Session::$userId)['password_algo'] == 'legacy' && $_SERVER['PHP_SELF'] != '/authenticate.php' && $_SERVER['PHP_SELF'] != '/imageserve.php')
header('Location: /authenticate.php?legacy=true');
// If everything went through return true
return true;
@ -258,6 +262,157 @@ class Users {
}
// Check if a user exists and then send the password forgot email
public static function sendPasswordForgot($username, $email) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Clean username string
$usernameClean = Main::cleanString($username, true);
$emailClean = Main::cleanString($email, true);
// Do database request
$user = Database::fetch('users', false, [
'username_clean' => [$usernameClean, '='],
'email' => [$emailClean, '=']
]);
// Check if user exists
if(count($user) < 2)
return [0, 'USER_NOT_EXIST'];
// Check if the user is deactivated
if(in_array(0, json_decode($user['ranks'], true)))
return [0, 'DEACTIVATED'];
// Generate the verification key
$verk = Main::newActionCode('LOST_PASS', $user['id'], [
'meta' => [
'password_change' => 1
]
]);
// Build the e-mail
$message = "Hello ". $user['username'] .",\r\n\r\n";
$message .= "You are receiving this notification because you have (or someone pretending to be you has) requested a password reset link to be sent for your account on \"". Configuration::getConfig('sitename') ."\". If you did not request this notification then please ignore it, if you keep receiving it please contact the site administrator.\r\n\r\n";
$message .= "To use this password reset key you need to go to a special page. To do this click the link provided below.\r\n\r\n";
$message .= "http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ."&key=". $verk ."\r\n\r\n";
$message .= "If successful you should be able to change your password here.\r\n\r\n";
$message .= "Alternatively if the above method fails for some reason you can go to http://". Configuration::getLocalConfig('urls', 'main') ."/forgotpassword?pw=true&uid=". $user['id'] ." and use the key listed below:\r\n\r\n";
$message .= "Verification key: ". $verk ."\r\n\r\n";
$message .= "You can of course change this password yourself via the profile page. If you have any difficulties please contact the site administrator.\r\n\r\n";
$message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
// Send the message
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' password restoration', $message);
// Return success
return [1, 'SUCCESS'];
}
// [Flashwave 2015-04-25] Prepare for 5 million password changing functions
// Change legacy passwords after logging in
public static function changeLegacy($oldpass, $newpass, $verpass) {
// Check if user is logged in because I just know someone is going to meme around it
if(!self::checkLogin())
return [0, 'USER_NOT_LOGIN'];
// Get user data
$user = Users::getUser(Session::$userId);
// Check if the user is deactivated
if(in_array(0, json_decode($user['ranks'], true)))
return [0, 'DEACTIVATED'];
// Check if the account is disabled
if('nologin' == $user['password_algo'])
return [0, 'NO_LOGIN'];
// Check if old pass is correct
if(Main::legacyPasswordHash($oldpass) != $user['password_hash'])
return [0, 'INCORRECT_PASSWORD'];
// Check password entropy
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
return [0, 'PASS_TOO_SHIT'];
// Passwords do not match
if($newpass != $verpass)
return [0, 'PASS_NOT_MATCH'];
// Hash the password
$password = Hashing::create_hash($newpass);
$time = time();
// Update the user
Database::update('users', [
[
'password_hash' => $password[3],
'password_salt' => $password[2],
'password_algo' => $password[0],
'password_iter' => $password[1],
'password_chan' => $time
],
[
'id' => [Session::$userId, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Reset password with key
public static function resetPassword($verk, $uid, $newpass, $verpass) {
// Check if authentication is disallowed
if(Configuration::getConfig('lock_authentication'))
return [0, 'AUTH_LOCKED'];
// Check password entropy
if(Main::pwdEntropy($newpass) < Configuration::getConfig('min_entropy'))
return [0, 'PASS_TOO_SHIT'];
// Passwords do not match
if($newpass != $verpass)
return [0, 'PASS_NOT_MATCH'];
// Check the verification key
$action = Main::useActionCode('LOST_PASS', $verk, $uid);
// Check if we got a negative return
if(!$action[0])
return [0, $action[1]];
// Hash the password
$password = Hashing::create_hash($newpass);
$time = time();
// Update the user
Database::update('users', [
[
'password_hash' => $password[3],
'password_salt' => $password[2],
'password_algo' => $password[0],
'password_iter' => $password[1],
'password_chan' => $time
],
[
'id' => [$uid, '=']
]
]);
// Return success
return [1, 'SUCCESS'];
}
// Check if a user exists and then resend the activation e-mail
public static function resendActivationMail($username, $email) {
@ -321,7 +476,7 @@ class Users {
$message .= "Your password has been securely stored in our database and cannot be retrieved. ";
$message .= "In the event that it is forgotten, you will be able to reset it using the email address associated with your account.\r\n\r\n";
$message .= "Thank you for registering.\r\n\r\n";
$message .= "--\r\n\r\nSincerely\r\n\r\n". Configuration::getConfig('mail_signature');
$message .= "--\r\n\r\nThanks\r\n\r\n". Configuration::getConfig('mail_signature');
// Send the message
Main::sendMail([$user['email'] => $user['username']], Configuration::getConfig('sitename') .' Activation Mail', $message);

8
_sakura/config/config.example.php
View file

@ -1,5 +1,5 @@
<?php
// Flashii Configuration
// Sakura Configuration
$sakuraConf = array(); // Define configuration array
// PDO Database Connection
@ -8,10 +8,10 @@ $sakuraConf['db']['driver'] = 'mysql'; // SQL Driver contained in the compon
$sakuraConf['db']['unixsocket'] = false; // Use internal UNIX system sockets (would not work on Windows)
$sakuraConf['db']['host'] = 'localhost'; // SQL Hosts (or path to socket in the case that you're using them)
$sakuraConf['db']['port'] = 3306; // SQL Port (does nothing when UNIX sockets are used)
$sakuraConf['db']['username'] = 'flashii'; // Database authentication username
$sakuraConf['db']['username'] = 'sakura'; // Database authentication username
$sakuraConf['db']['password'] = 'password'; // Database authentication password
$sakuraConf['db']['database'] = 'flashii'; // Database name
$sakuraConf['db']['prefix'] = 'fii_'; // Table Prefix
$sakuraConf['db']['database'] = 'sakura'; // Database name
$sakuraConf['db']['prefix'] = 'sakura_'; // Table Prefix
// URLs (for modularity)
$sakuraConf['urls']['main'] = 'flashii.net'; // Main site url

3
_sakura/sakura.php
View file

@ -74,6 +74,7 @@ $renderData = array(
'checklogin' => Users::checkLogin(),
'session' => Session::$sessionId,
'data' => ($_init_udata = Users::getUser(Session::$userId)),
'rank' => Users::getRank($_init_udata['rank_main'])
'rank' => ($_init_rdata = Users::getRank($_init_udata['rank_main'])),
'colour' => ($_init_udata['name_colour'] == null ? $_init_rdata['colour'] : $_init_udata['name_colour'])
]
);

10
_sakura/templates/yuuno/global/header.tpl
View file

@ -122,13 +122,13 @@
<a class="menu-item" href="//{{ sakura.urls.chat }}/" title="Chat with other Flashii members">Chat</a>
{% if user.checklogin %}
<a class="menu-item" href="//{{ sakura.urls.main }}/members" title="View a list with all the activated user accounts">Members</a>
<a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/donate" title="Give us money to keep the site (and other services) up and running">Donate</a>
<a class="menu-item menu-donate" href="//{{ sakura.urls.main }}/support" title="Give us money to keep the site (and other services) up and running">Support</a>
{% endif %}
</div>
<div class="menu-ucp" id="navMenuUser">
<!-- User menu, displayed on right side of the bar. -->
{% if user.checklogin %}
<a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.rank.colour }}; font-weight: 700;">{{ user.data.username }}</a>
<a class="menu-item avatar" href="//{{ sakura.urls.main }}/u/{{ user.data.id }}" title="View and edit your own profile" style="background-image: url('//{{ sakura.urls.main }}/a/{{ user.data.id }}'); width: auto; color: {{ user.colour }}; font-weight: 700;">{{ user.data.username }}</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/settings" title="Change your settings">Settings</a>
<a class="menu-item" href="//{{ sakura.urls.main }}/logout?mode=logout&time={{ php.time }}&session={{ php.sessionid }}&redirect={{ sakura.currentpage }}" title="End your login session" id="headerLogoutLink">Logout</a>
{% else %}
@ -170,3 +170,9 @@
</div>
</form>
{% endif %}
<noscript>
<div class="headerNotify">
<h1>You have JavaScript disabled!</h1>
<p>A lot of things on this site require JavaScript to be enabled (e.g. the chat), we try to keep both sides happy but it is highly recommended that you enable it (you'll also have to deal with this message being here if you don't enable it).</p>
</div>
</noscript>

2
_sakura/templates/yuuno/main/authenticate.tpl
View file

@ -89,7 +89,7 @@
<label for="registerPassword">Password:</label>
</div>
<div class="centreAlign">
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Must be at least 8 characters." />
<input class="inputStyling" type="password" id="registerPassword" name="password" placeholder="Using special characters is recommended" />
</div>
<div class="leftAlign">
<label for="registerConfirmPassword">Confirm Password:</label>

3
_sakura/templates/yuuno/main/forgotpassword.tpl
View file

@ -5,6 +5,7 @@
<input type="hidden" name="redirect" value="//iihsalf.net/" />
<input type="hidden" name="session" value="{{ php.sessionid }}" />
<input type="hidden" name="time" value="{{ php.time }}" />
<input type="hidden" name="uid" value="{{ auth.userId }}" />
<input type="hidden" name="mode" value="changepassword" />
<div class="profile-field">
<div><h2>Verification Key</h2></div>
@ -12,7 +13,7 @@
</div>
<div class="profile-field">
<div><h2>New Password</h2></div>
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, has to be at least 8 characters" class="inputStyling" /></div>
<div style="text-align: center;"><input type="password" name="newpw" placeholder="Your new password, using special characters is recommended" class="inputStyling" /></div>
</div>
<div class="profile-field">
<div><h2>Verify Password</h2></div>

18
content/data/yuuno/css/yuuno.css
View file

@ -324,6 +324,20 @@ a.gotop:active {
}
}
/* Header notification thing */
.headerNotify {
margin: 10px auto;
padding: 10px;
width: auto;
max-width: 1024px;
border: 1px solid #9475B2;
box-shadow: 0 0 3px #9475B2;
border-radius: 3px;
background: #D3BFFF;
display: block;
text-align: center;
}
/* Footer Styling */
.footer {
box-shadow: 0 0 1em #9475B2;
@ -467,7 +481,7 @@ a.gotop:active {
background: #B19DDD;
}
.markdown hr {
background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0px 0px transparent;
background: url('data:image/png;base64,iVBORw0KGgoAAAANSUhEUgAAAAYAAAAECAYAAACtBE5DAAAAGXRFWHRTb2Z0d2FyZQBBZG9iZSBJbWFnZVJlYWR5ccllPAAAAyJpVFh0WE1MOmNvbS5hZG9iZS54bXAAAAAAADw/eHBhY2tldCBiZWdpbj0i77u/IiBpZD0iVzVNME1wQ2VoaUh6cmVTek5UY3prYzlkIj8+IDx4OnhtcG1ldGEgeG1sbnM6eD0iYWRvYmU6bnM6bWV0YS8iIHg6eG1wdGs9IkFkb2JlIFhNUCBDb3JlIDUuMC1jMDYwIDYxLjEzNDc3NywgMjAxMC8wMi8xMi0xNzozMjowMCAgICAgICAgIj4gPHJkZjpSREYgeG1sbnM6cmRmPSJodHRwOi8vd3d3LnczLm9yZy8xOTk5LzAyLzIyLXJkZi1zeW50YXgtbnMjIj4gPHJkZjpEZXNjcmlwdGlvbiByZGY6YWJvdXQ9IiIgeG1sbnM6eG1wPSJodHRwOi8vbnMuYWRvYmUuY29tL3hhcC8xLjAvIiB4bWxuczp4bXBNTT0iaHR0cDovL25zLmFkb2JlLmNvbS94YXAvMS4wL21tLyIgeG1sbnM6c3RSZWY9Imh0dHA6Ly9ucy5hZG9iZS5jb20veGFwLzEuMC9zVHlwZS9SZXNvdXJjZVJlZiMiIHhtcDpDcmVhdG9yVG9vbD0iQWRvYmUgUGhvdG9zaG9wIENTNSBNYWNpbnRvc2giIHhtcE1NOkluc3RhbmNlSUQ9InhtcC5paWQ6OENDRjNBN0E2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiIHhtcE1NOkRvY3VtZW50SUQ9InhtcC5kaWQ6OENDRjNBN0I2NTZBMTFFMEI3QjRBODM4NzJDMjlGNDgiPiA8eG1wTU06RGVyaXZlZEZyb20gc3RSZWY6aW5zdGFuY2VJRD0ieG1wLmlpZDo4Q0NGM0E3ODY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIgc3RSZWY6ZG9jdW1lbnRJRD0ieG1wLmRpZDo4Q0NGM0E3OTY1NkExMUUwQjdCNEE4Mzg3MkMyOUY0OCIvPiA8L3JkZjpEZXNjcmlwdGlvbj4gPC9yZGY6UkRGPiA8L3g6eG1wbWV0YT4gPD94cGFja2V0IGVuZD0iciI/PqqezsUAAAAfSURBVHjaYmRABcYwBiM2QSA4y4hNEKYDQxAEAAIMAHNGAzhkPOlYAAAAAElFTkSuQmCC') repeat-x scroll 0 0 transparent;
border: 0 none;
color: #CCC;
height: 4px;
@ -1240,7 +1254,7 @@ textarea.inputStyling {
background: linear-gradient(0deg, #9475B2 0%, #9475B2 50%, #86A 50%) repeat scroll 0% 0% #9475B2;
}
.recaptcha > .recaptcha_buttons > a:first-child {
border-top-right-radius: 0px;
border-top-right-radius: 0;
border-bottom-left-radius: 4px;
}
}

11
main/.htaccess
View file

@ -18,7 +18,7 @@ RewriteRule ^feedback?/?$ http://forum.flash.moe/viewforum.php?f=22
RewriteRule ^credits?/?$ credits.php
RewriteRule ^index?/?$ index.php
RewriteRule ^login?/?$|logout?/?$|activate?/?$|register?/?$|forgotpassword?/?|authenticate?/?$ authenticate.php
RewriteRule ^donate?/?$ donate.php
RewriteRule ^donate?/?$|support?/?$ support.php
RewriteRule ^contact?/?$ infopage.php?r=contact
## Info pages
@ -29,6 +29,11 @@ RewriteRule ^news?/?$ news.php
RewriteRule ^news/([0-9]+)$ news.php?id=$1
RewriteRule ^news.xml$ news.php?xml
## Profiles
RewriteRule ^u$|u/$ profile.php
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)?/?$ profile.php?u=$1
RewriteRule ^u/([A-Za-z0-9_-\s\.]+)/api?/?$ profile.php?data
# Serving Images
RewriteRule ^a/([0-9]+)$ imageserve.php?m=avatar&u=$1
RewriteRule ^a/([0-9]+).png$ imageserve.php?m=avatar&u=$1
RewriteRule ^a/([0-9]+)$|a/([0-9]+).png$ imageserve.php?m=avatar&u=$1
RewriteRule ^bg/([0-9]+)$|bg/([0-9]+).png$ imageserve.php?m=background&u=$1

127
main/authenticate.php
View file

@ -24,7 +24,7 @@ if(isset($_REQUEST['mode'])) {
$renderData['page'] = [
'title' => 'Action failed',
'redirect' => '/authenticate',
'message' => 'Timestamps differ too much, please try again.',
'message' => 'Timestamps differ too much, refresh the page and try again.',
'success' => 0
];
@ -53,9 +53,18 @@ if(isset($_REQUEST['mode'])) {
// Login check
if(Users::checkLogin()) {
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw']))
if(!in_array($_REQUEST['mode'], ['logout', 'legacypw'])) {
$continue = false;
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => '/',
'message' => 'You are already authenticated. Redirecting...',
'success' => 1
];
}
}
if($continue) {
@ -79,24 +88,53 @@ if(isset($_REQUEST['mode'])) {
case 'legacypw':
// Attempt change
$legacypass = Users::changeLegacy($_REQUEST['oldpw'], $_REQUEST['newpw'], $_REQUEST['verpw']);
// Array containing "human understandable" messages
$messages = [
'USER_NOT_LOGIN' => 'What are you doing, you\'re not even logged in. GO AWAY!',
'INCORRECT_PASSWORD' => 'The password you entered was invalid.',
'DEACTIVATED' => 'Your account is deactivated.',
'NO_LOGIN' => 'Logging into this account is disabled.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now continue.'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Changing Password',
'redirect' => $_SERVER['PHP_SELF'],
'message' => 'yet to be implemented',
'success' => 0
'title' => 'Change Password',
'redirect' => '/',
'message' => $messages[$legacypass[1]],
'success' => $legacypass[0]
];
break;
case 'changepassword':
// Attempt change
$passforget = Users::resetPassword($_REQUEST['verk'], $_REQUEST['uid'], $_REQUEST['newpw'], $_REQUEST['verpw']);
// Array containing "human understandable" messages
$messages = [
'INVALID_VERK' => 'The verification key supplied was invalid!',
'INVALID_CODE' => 'Invalid verification key, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used verification key is not designated for this user.',
'VERK_TOO_SHIT' => 'Your verification code is too weak, try adding some special characters.',
'PASS_TOO_SHIT' => 'Your password is too weak, try adding some special characters.',
'PASS_NOT_MATCH' => 'Passwords do not match.',
'SUCCESS' => 'Successfully changed your password, you may now log in.'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Forgot Password',
'redirect' => $_SERVER['PHP_SELF'],
'message' => 'Yet to be implemented',
'success' => 0
'redirect' => ($passforget[0] ? '/' : $_SERVER['PHP_SELF'] .'?pw=true&uid='. $_REQUEST['uid'] .'&verk='. $_REQUEST['verk']),
'message' => $messages[$passforget[1]],
'success' => $passforget[0]
];
break;
@ -112,7 +150,7 @@ if(isset($_REQUEST['mode'])) {
'USER_NOT_EXIST' => 'The user you tried to activate does not exist.',
'USER_ALREADY_ACTIVE' => 'The user you tried to activate is already active.',
'INVALID_CODE' => 'Invalid activation code, if you think this is an error contact the administrator.',
'INVALID_USER' => 'The used registration code is not designated for this user.',
'INVALID_USER' => 'The used activation code is not designated for this user.',
'SUCCESS' => 'Successfully activated your account, you may now log in.'
];
@ -170,7 +208,7 @@ if(isset($_REQUEST['mode'])) {
// Add page specific things
$renderData['page'] = [
'title' => 'Login',
'redirect' => ($login[0] ? $_REQUEST['redirect'] : '/authenticate'),
'redirect' => ($login[1] == 'LEGACY_SUCCESS' ? '/authenticate?legacy=true' : ($login[0] ? $_REQUEST['redirect'] : '/authenticate')),
'message' => $messages[$login[1]],
'success' => $login[0]
];
@ -230,12 +268,23 @@ if(isset($_REQUEST['mode'])) {
// Unforgetting passwords
case 'forgotpassword':
// Attempt send
$passforgot = Users::sendPasswordForgot($_REQUEST['username'], $_REQUEST['email']);
// Array containing "human understandable" messages
$messages = [
'AUTH_LOCKED' => 'Authentication is currently not allowed, try again later.',
'USER_NOT_EXIST' => 'The requested user does not exist (confirm the username/email combination).',
'DEACTIVATED' => 'Your account is deactivated.',
'SUCCESS' => 'The password reset e-mail has been sent to the address associated with your account.'
];
// Add page specific things
$renderData['page'] = [
'title' => 'Forgot Password',
'redirect' => $_SERVER['PHP_SELF'],
'message' => 'yet to be implemented',
'success' => 0
'title' => 'Lost Password',
'redirect' => '/authenticate',
'message' => $messages[$passforgot[1]],
'success' => $passforgot[0]
];
break;
@ -279,6 +328,32 @@ $renderData['auth'] = [
]
];
// Check if the user is already logged in
if(Users::checkLogin()) {
// If password forgot things are set display password forget thing
if(isset($_REQUEST['legacy']) && $_REQUEST['legacy'] && Users::getUser(Session::$userId)['password_algo'] == 'legacy') {
$renderData['page']['title'] = 'Changing Password';
$renderData['auth']['changingPass'] = true;
print Templates::render('main/legacypasswordchange.tpl', $renderData);
exit;
}
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => '/',
'message' => 'You are already logged in, log out to access this page.'
];
print Templates::render('errors/information.tpl', $renderData);
exit;
}
// Check if a user has already registered from the current IP address
if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
@ -292,8 +367,9 @@ if(count($regUserIP = Users::getUsersByIP(Main::getRemoteIP()))) {
// If password forgot things are set display password forget thing
if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
$renderData['page']['title'] = 'Changing Password';
$renderData['page']['title'] = 'Resetting Password';
$renderData['auth']['changingPass'] = true;
$renderData['auth']['userId'] = $_REQUEST['uid'];
if(isset($_REQUEST['key']))
$renderData['auth']['forgotKey'] = $_REQUEST['key'];
@ -303,24 +379,5 @@ if(isset($_REQUEST['pw']) && $_REQUEST['pw']) {
}
// Check if the user is already logged in
if(Users::checkLogin()) {
// Add page specific things
$renderData['page'] = [
'title' => 'Authentication',
'redirect' => (
isset($_SERVER['HTTP_REFERER']) ?
$_SERVER['HTTP_REFERER'] :
'/'
),
'message' => 'You are already logged in, log out to access this page.'
];
print Templates::render('errors/information.tpl', $renderData);
exit;
}
// Print page contents
print Templates::render('main/authenticate.tpl', $renderData);

5
main/dev/index.php
View file

@ -1,5 +0,0 @@
<h1>Development Tools</h1>
<ul>
<li><a href="sql.php">SQL</a>
<li><a href="registerData.php">Registration Data</a>
</ul>

39
main/dev/registerData.php
View file

@ -1,39 +0,0 @@
<?php
require_once '../../_sakura/sakura.php';
if(isset($_POST['submit'])) {
header('Content-Type: text/plain;charset=utf-8');
$pass = Sakura\Hashing::create_hash($_POST['password']);
$regData = [
'username' => $_POST['username'],
'username_clean' => Sakura\Main::cleanString($_POST['username'], true),
'password_hash' => $pass[3],
'password_salt' => $pass[2],
'password_algo' => $pass[0],
'password_iter' => $pass[1],
'password_chan' => time(),
'email' => Sakura\Main::cleanString($_POST['email'], true),
'group_main' => '1',
'groups' => json_encode([1]),
'register_ip' => Main::getRemoteIP(),
'last_ip' => Main::getRemoteIP(),
'regdate' => time(),
'lastdate' => time(),
'lastunamechange' => time(),
'profile_data' => json_encode([])
];
print_r($regData);
exit;
}
?>
<form method="post" action="<?=$_SERVER['PHP_SELF'];?>">
username: <input type="text" name="username" /><br />
password: <input type="password" name="password" /><br />
email: <input type="text" name="email" /><br />
<input type="submit" name="submit" value="Submit" />
</form>

817
main/dev/sql.php
View file

File diff suppressed because one or more lines are too long

16
main/profile.php Normal file
View file

@ -0,0 +1,16 @@
<?php
/*
* Sakura User Profiles
*/
// Declare Namespace
namespace Sakura;
// Include components
require_once str_replace(basename(__DIR__), '', dirname(__FILE__)) .'_sakura/sakura.php';
// Catch old profile API and return error
if(isset($_REQUEST['data']))
die(json_encode(['error' => true]));
var_dump(@$_REQUEST);